Enabling an IAM transformation to strengthen security and improve operations
Cybersecurity and trust
Cloud and digital
As an organization respected worldwide for experience in combining technology, business transformation and trust, PwC understands the importance of modern, secure solutions for managing large-scale enterprises. When evaluating our own complex identity and access management (IAM) system, we saw an opportunity to model that principle.
From a consistent, mobile-first single sign-on (SSO) experience across platforms and devices to reduced time for client delivery and employee onboarding, our IAM transformation was designed to improve user experiences, standardize global operations, strengthen security and reduce technical debt. In pivoting to a streamlined, scalable cloud solution, we laid the foundation for our own growth and developed a successful approach to digital transformation on a global scale that could benefit our clients in more ways than one. Not only does the modern solution streamline access to PwC platforms for engagement-related work, it also enhances our ability to guide clients through their own transformations.
By 2016, PwC’s network of member firms in more than 150 countries encompassed over 13 IAM platforms, 4,600 administrators and 90 Active Directory forests worldwide. A forest is a construct of directories that store user and group data and provide authentication services.
Faced with a fast-growing, mobile-first workforce, a digitization movement in the market and an evolving cyber-threat landscape, we performed a significant data transformation — moving from traditional on-premises legacy directories to a cloud-first, centrally managed identity solution. The new platform integrated IAM with security functions, including cloud governance, data privacy and controls, building greater trust among employees and customers alike.
The primary challenge was to consolidate a web of directories, users and platforms into a cloud-based IAM system that would be secure, nondisruptive and seamless to use. This was complex because the specific business and IT needs involved differed by region and application, and there was a lack of overarching authentication standards across the network of member firms.
Rather than build a whole solution first and migrate all applications at once, we adopted a modular approach. The team worked in phases, prioritizing functions based on the applications that required them, then migrating those applications in batches. This phased “migration factory” eliminated the need to wait for all functionality to be built prior to implementation, which saved time and provided greater flexibility to respond to challenges.
The first step in a data modernization of this scale was a yearlong series of cross-disciplinary workshops held across the North America, Europe and Asia-Pacific regions. The goal was to establish a collective vision among executives from PwC’s global member firms, no small feat given the nuances involved. We needed to account not only for different business and IT team preferences and use cases across regions, but also for data residency and privacy requirements. That included the growing problem of cross-border data transfer, which has threatened to disrupt market strategies worldwide.
Drawing on the global feedback received in the workshops, we fine-tuned an enterprise solution to address the needs of our employees and internal users, as well as our customers. With the buy-in of our global membership secured, we began the intricate process of migrating IAM capabilities to the cloud.
Given our extensive cloud knowledge, PwC was well-positioned to construct a robust and scalable cloud solution. But even with our wealth of experience, the complexity of migrating a company of our size to an entirely new platform presented a unique learning opportunity. Our global IAM system expanded over the years into its current state: a complicated web of disparate Active Directories, users and platforms — typically seen as a result of mergers and acquisitions in other companies, but in this case, of organic global growth across the firm.
To meet the complexity of our global use cases — while allowing for the size and scope our IAM platform would need to accommodate — we prioritized strength and flexibility. The resulting solution now handles the traffic of roughly 350,000 internal users and up to two million external users logging in multiple times a day, 24/7, with capacity to grow.
As a result of this transformation, we’re standardizing controls and unlocking operational efficiencies across the global organization. Better capabilities to manage user access, like SSO, help improve security workflows and vulnerability management along with employee and client productivity; self-service features for processes like password resets can reduce time-consuming administrative labor; and automated attestation of user access enables more scalability. The migration lays the groundwork for progress toward our zero-trust initiatives, including advanced security capabilities like multifactor authentication and password-less access.
A key factor in our success was keeping our business, IT and security teams in close collaboration throughout the implementation, and that wealth of first-hand experience has paid off. Having gained a deeper understanding of the challenges and benefits of undertaking such a significant, disruptive project, PwC can be a better strategic advisor in guiding clients through their own IAM leading practices and cloud transformation journeys.
minutes to register new users, down from 4-8 hours
growth in login activity during the first two years following the launch
internal and ~2M external users migrated
Modern standards and applications that improve operations, safeguard the business and provide a quick and easy login experience.